The International Association of Privacy Professionals

(Mar 3, 2015)
On Monday, March 2, I attended a reception in Brussels at which new European Data Protection Supervisor (EDPS) Giovanni Buttarelli and Assistant Supervisor Wojciech Wiewiórowski presented their strategic plan for the next five years. Entitled “The EDPS Strategy 2015-2019: Leading by Example,” the document represents a key moment in the work of the EU’s leading data protection regulator.
In the 11 years since Peter Hustinx originally established it, the EDPS has come to enjoy a worldwide reputat...
Read More

(Mar 3, 2015)
In the second installment of this series for The Privacy Advisor looking at monitoring programs across industries, including the privacy consultant, healthcare, IT, finance, government and telecom, Deidre Rodriguez, CIPP/US, talks with Danette Slevinski, vice president and corporate responsibility officer for Bon Secours Charity Health System, where she administers the corporate responsibility and Health Insurance Portability and Accountability Act (HIPAA) privacy program. "By having a monitorin...
Read More

(Mar 3, 2015)
A look at the White House’s recently announced Cyber Threat Intelligence Integration Center by TechNewsWorld identifies the elephant in the cyber room: Because the nation lacks a cybersecurity policy to unify the effort, the billions of data points are likely to overwhelm the center, especially given the technology and people needed to assimilate and process all that data has never been assembled in the necessary scale. However, some observers see it as a step in the right direction. “If the NSA...
Read More

(Mar 3, 2015)
My first impression of Mark Zuckerberg in the flesh is that he is permanently excited and overflowing with energy. That is hardly surprising given his age and his role in the Internet revolution. But the fact that he dropped by at the Mobile World Congress in Barcelona this week is quite significant. The annual Mobile World Congress is a mega event with nearly 100,000 attendees and the participation of every business with an interest in anything to do with mobile communications. So the presence ...
Read More

(Mar 2, 2015)
The White House released what it’s calling a “discussion draft” of its Consumer Privacy Bill of Rights (CPBR) late Friday. The bill aims to “establish baseline protections for individual privacy in the commercial arena and to foster timely, flexible implementations of these protections through enforceable codes of conduct developed by diverse stakeholders.” We round up the various reactions.
Read More

(Mar 2, 2015)
In this week’s Privacy Tracker legislative roundup, read about a plan between Labor and the Australian government that may see the controversial data retention plan enacted. In Canada, a new government proposal would see greater information-sharing between agencies such as immigration, Employment Canada and the RCMP. Russia’s lower chamber of Parliament has reportedly approved new and larger fines for violating data protection laws. Also, read an overview of 10 California privacy bills, new U.S....
Read More

(Mar 2, 2015)
The Federal Communications Commission (FCC) made history on Thursday, The Washington Post reports, by classifying Internet service providers (ISPs) as public utilities. The vote was aimed at ensuring net neutrality, but the reclassification means the FCC will now have more oversight of privacy practices of ISPs, and privacy advocates say it also probably means better protections for consumers because it means ISPs “will now have to abide by a specific set of rules designed to protect the privacy...
Read More

(Feb 27, 2015)
We’ve all heard the common password advice: Choose a random password with a lot of characters, include digits and symbols, don’t use a dictionary word, don’t write it down and change it often. While some of this advice is useful, some of it is counterproductive and probably even harmful.
Next Friday I will be giving a Game Changer talk at the IAPP Global Privacy Summit in which I will discuss research results—from my own research group at Carnegie Mellon University as well as from others&...
Read More

(Mar 2, 2015)
The past few years have seen an epic struggle between governments, businesses and individuals for governance of the Internet. The platform, which now pervades every aspect of our daily lives, promises different things to different stakeholders. Governments see it as a driver of economic growth as well as a source of intelligence about competing economies, terrorist threats, domestic law enforcement and, in certain countries, political dissent. Businesses view it as a hotbed for innovation as wel...
Read More

(Feb 27, 2015)
Email is used every day to deliver information and discuss private and sensitive issues, making it fertile ground for hackers and a treasure trove of information for potential litigation. In the last year, it has become increasingly clear to businesses, consumers and governments that the related problems of digital privacy and cyber theft must be solved, and email is at the heart of this problem. To help privacy pros learn about emerging technologies that can be used to help secure email communi...
Read More

(Feb 27, 2015)
Until recently, it seemed to be a concept that arose solely in the EU. However, late last year a French court, relying on the right to be forgotten, issued an injunction requiring Google to remove allegedly defamatory material linked to a Danish lawyer employed in France from its search engine worldwide. The French court's order raises a significant question of whether a U.S. court would enforce an order, John Stephens and Paul Pittman write in this exclusive for The Privacy Advisor.Full Story...
Read More

The premier event in Canadian privacy will return to Toronto, but don’t expect the same old same old—think even bigger and better than the last. Canadian privacy pros, this is your must-attend event of the year.
Read More

(Feb 26, 2015)
Last year, Profs. Peter Swire and Annie Antón wrote a compelling piece in Privacy Perspectives about the need for privacy engineers and lawyers to get along. Establishing a common language in which to communicate will be essential to appropriately connect policy with technology.
It’s probably safe to say that the most common terms used in privacy are personally identifiable information (PII) and personal data, depending upon whether you come from a U.S. or European background. I think these ter...
Read More

(Feb 24, 2015)
First Data began its effort to win approval for its binding corporate rules (BCRs) in 2007. This month, the UK Information Commissioner's Office (ICO) officially recognized the multinational payment solutions company's BCRs for data processors. Now able to boast it's been approved for both processors and controllers, it's also the first company to have done so under the purview of the ICO.
Read More

Don’t miss out on the only conference that brings globally recognized IAPP programming to Asia. If you’re looking for exclusive networking and intensive education on data protection trends and challenges in Asia, the Forum is for you. Register now to save your seat.
Read More

(Feb 25, 2015)
For the second year in a row, the IAPP is joining forces with the Cloud Security Alliance to provide a powerhouse conference that combines the CSA’s Congress and the IAPP’s Privacy Academy: Privacy. Security. Risk. 2015, and the call for speakers for the conference is now open. We’re looking for speaking proposals that are interactive, practical and hands-on. If you have the know-how to run a workshop-style session that includes case studies, exercises, real-life scenarios and all things how-to,...
Read More

Over the summer of 2014, the IAPP embarked on the first of what will be an annual effort to research and benchmark the privacy programs of the Fortune 1000. In partnership with third-party research firm Fondulas Strategic Research, we queried roughly 275 privacy leads at Fortune 1000 companies, all of them large, private, for-profit firms operating from a base in the United States, and got a 23-percent response rate, providing us with one of the most comprehensive samples of corporate privacy le...
Read More

(Jan 15, 2015)
On Monday, presaging his sixth State of the Union Address, U.S. President Barack Obama visited the Federal Trade Commission (FTC) bearing a message of sweeping privacy reform. Coincidentally, it was almost exactly 101 years ago that President Woodrow Wilson, in his January 20, 1914, State of the Union Address, announced his antitrust initiative to Congress, declaring, “We are all agreed that ‘private monopoly is indefensible and intolerable.’” The result of that speech was the passage of the FTC...
Read More

APIA can help you automate the process of evaluating, assessing and reporting on the privacy implications of your enterprise IT systems. Exclusively available through the IAPP, the APIA System allows you to select questions from the prepopulated bank of PIA questions or create your own, meaning you can build and save PIA templates to be reused and reported out.
Learn More

Find out what’s making headlines today. In the rapid changes in data protection, we make it easy to stay in the know with daily news updates, expert analysis, original reporting, legislative alerts and opinion pieces from the influencers making the news.Find out more

There are lots of ways to connect with fellow members and the privacy community. From local chapter meetings to virtual networks to social media, you’ll find networking opportunities to help you get involved.Find out more

Looking for a way to stand out? Add an IAPP credential after your name. Whether you want to distinguish yourself from others in your field or to advance your skills, a globally recognized IAPP certification is the edge you’re looking for.Find out more

The IAPP offers all the tools and information you need to get your job done. We’ve collected templates, forms, charts and checklists to help you with everything you can think of, from privacy notices to data breach response to cybersecurity and beyond.Find out more

There’s no better way to experience the IAPP community. Whether you’re looking for education, networking or access to privacy experts and regulators, IAPP conferences are where it’s at. We host eight premier conferences around the world each year.Find out more

The IAPP is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, support and improve the privacy profession globally.Learn more

The IAPP is the only place you’ll find a comprehensive body of resources, knowledge and experts to help you navigate the complex landscape of today’s data-driven world. We offer individual, corporate and group memberships, and all members have access to an extensive array of benefits.